Crypto crash unlikely to discourage Pyongyang’s illegal cyber activities: experts
By Kang Seung-woo
North Korea made headlines in 2022 by firing more ballistic missiles than in any other year ― 38 launches.
But besides its ceaseless saber-rattling, the isolated country was also in the spotlight for its illegal cyber activities that allegedly raked in billions of dollars.
Crippled by international sanctions, the Kim Jong-un regime, which has refused to abandon its nuclear ambitions, has turned to digital crimes, or stealing cryptocurrencies ― an act feared to help fund the development of its weapons of mass destruction (WMD).
“The threat posed by North Korea’s cyber activities, especially its cryptocurrency thefts, is very real and very serious. The money North Korea has stolen, which is now in the billions of dollars, is a pure revenue stream that can finance North Korea’s most destabilizing activities,” said Nick Carlsen, a blockchain analyst at TRM Labs and a former FBI analyst.
“Their nuclear, missile and even intelligence operations now benefit from the resources these crimes generate for them.”
Alex O’Neill, co-founder of the Belfer Center’s North Korea Cyber Working Group, also said North Korea boasts significant capabilities in cyberspace, especially for generating illicit revenue.
“North Korean threat actors are not as sophisticated as some other state actors, but the resources they devote to cybercrime and the experience they’ve amassed over the last decade have helped them develop into an increasingly formidable threat,” he said.
From left are Go Myong-hyun, a senior fellow of the Asan Institute for Policy Studies, Nick Carlsen, a blockchain analyst at TRM Labs, and Alex O’Neill, co-founder of the Belfer Center’s North Korea Cyber Working Group.
“Aside from the breaches and financial losses themselves, the international community is concerned that North Korean cybercrime blunts the effects of the sanctions regime and provides a major new cash stream for Pyongyang. It is particularly alarming that some of the proceeds seem to support North Korea’s WMD programs.”
According to blockchain data analysis firm Chainalysis, North Korea stole $1.75 billion (2.2 trillion won) worth of cryptocurrency between 2017 and 2020 and chalked up some 800 billion won last year alone, including a single operation in which it stole $620 million in bitcoin, according to the South Korean National Intelligence Service. The amount represents a staggering haul, compared with the country’s real gross domestic product (GDP) of $27.4 billion in 2020. In 2021, its economy also retreated 0.1 percent from a year earlier, according to Statistics Korea.
However, Go Myong-hyun, a senior fellow of the Asan Institute for Policy Studies, believes that Pyongyang’s cyber capabilities are not as sophisticated as before, adding that a shift in cyber-raid targets has led its cyber capabilities astray.
“Until 2016, North Korean hacking groups had launched cyberattacks against high-security governments or defense companies, raising speculation the country’s cyber capabilities may have reached a significant level. However, since then, it has hacked cryptocurrency exchanges or banks to gain financial profits (in not-so-advanced ways),” Go said.
Before a group of North Korean hackers known as Lazarus carried out an $81-million cyber heist of the Bangladesh central bank in 2016, they sent spear phishing emails to employees of the bank and gained access to the bank’s network before using the SWIFT message network to try to withdraw up to $1 billion from the Federal Reserve Bank of New York ― a method seen as an old-fashioned trick in the digital age, according to Go.
“Taking a closer look, its modus operandi is not a highly developed technology, but a phishing campaign,” Go said, adding that as two hot keywords ― North Korea and cryptocurrency ― are involved, the issue is drawing more attention.
Despite admitting the gravity of North Korea’s increasing cryptocurrency heists, the experts were skeptical about whether the North Korean regime is walking away with a large chunk of the money taken in the illicit activities.
“North Korean actors have inflicted billions of dollars of losses on victims around the world, but only a fraction of each heist actually reaches the Kim regime’s coffers. The high transaction costs of converting stolen cryptocurrency into fiat money, not to mention declining asset prices, mean the ultimate recipients end up with only a portion of the amount initially taken from victims,” O’Neill said, adding that driving up those transaction costs is “key to countering North Korea’s cybercriminal statecraft.”
Carlsen echoed O’Neill’s view. “There is no doubt North Korea is behind a large proportion of crypto thefts. The only questions remaining are the exact amounts stolen, and how much of the stolen crypto North Korea is able to convert into usable traditional currencies,” he said.
“If anything, the scale of these thefts and their importance to the North Korean regime are hard to overstate. Cybercrime generally, and crypto thefts in particular, are now a key element in the North Korean government’s economic strategy.”
In that respect, North Korea may find itself in a dilemma over transactions, according to Go.
“To ultimately convert digital currency into funds that can be readily used is another requirement for North Korea, but it would not be easy because some exchanges with abundant liquidity may be under tight surveillance,” Go said.
“In addition, cryptocurrency transactions are recorded on a blockchain, so crypto hacks can be traced, meaning that it cannot be a risk-free asset for (cash-strapped) North Korea.”
For those reasons, Go said that it is excessive to believe that the entirety of North Korea’s crypto loot went into its weapons programs amid last year’s sharply increased missile tests.
Actually, Anne Neuberger, the U.S. deputy national security adviser, said last August that about a third of stolen cryptocurrencies were used to fund North Korea’s missile program.
North Korean leader Kim Jong-un oversees a military drill carried out to check and assess the war deterrent and nuclear counterattack capability of the country, in this undated photo released Oct. 10 by the North’s official Korean Central News Agency. EPA-Yonhap
Currently, the rapid drop in crypto’s value, compounded by the bankruptcies of crypto exchanges, including the world’s second-largest crypto exchange FTX, may deal a blow to North Korea, which is believed to have lost millions of dollars to the crypto crash, the experts noted.
“The ‘crypto winter’ is certainly bad news for North Korea. As firms like Chainalysis and TRM Labs have reported, some of North Korea’s stolen virtual assets have shed more than two-thirds of their value over the last few months,” O’Neill said.
Carlsen added, “Declining crypto prices have probably caused quite a few headaches in Pyongyang. What was worth hundreds of millions earlier this year, for example the proceeds of the Axie/Ronin Bridge hack, are now worth quite a bit less. On paper this might look bad for North Korea’s hacking teams and their bottom lines.”
North Korea stole more than $620 million in cryptocurrency from online video game Axie Infinity’s Ronin network last March.
“Instability in the crypto industry is also causing North Koreans other headaches. For example, RenBTC ― perhaps North Korea’s favorite ERC-20 token ― was destroyed in the aftermath of the FTX collapse,” Carlsen said.
However, the pundits did not expect the general downturn in the crypto market to seriously decrease Pyongyang’s appetite for obtaining cryptocurrency.
“Even at depressed prices, crypto is still extraordinarily lucrative for North Korea. A few dozen skilled hackers can earn as much as tens of thousands of construction laborers in Russia, or coal miners inside North Korea and their brokers in China. North Korea may reassign some crypto theft specialists to other forms of cybercrime, but crypto theft will continue to be a key focus for North Korea,” Carlsen said.
With North Korea’s unprecedented cyberspace successes at generating revenue for its nuclear ambitions, South Korea, the United States and the international community are scrambling to find ways to stop it.
“As South Korea has an incentive to stop North Korea’s digital crimes from helping the development of its WMD and solid cyber capabilities, it is South Korea that would be the most like-minded country to the U.S. in dealing together with the North Korean cybercrime issue,” Go said.
“In addition, the South Korean government is also required to closely monitor local crypto exchanges that were robbed by North Korean hackers,” he said.
O’Neill said both countries should proactively target the online services and over-the-counter (OTC) brokers that facilitate North Korea’s cybercrimes, based on U.S. authorities’ actions last year against cryptocurrency mixers.
“As the U.S. and South Korea deepen their cooperation on this issue in bilateral and multilateral settings, one priority should be developing a more robust approach to regulating the cryptocurrency ecosystem, which remains far too hospitable to fraudsters and criminals. Another priority should be building other countries’ capacities to fight North Korean cybercrime and improving the flow of information between law enforcement agencies worldwide,” he said.
O’Neill also said the international community should be concerned about the transferability of North Korea’s cybercrime statecraft.
“The model North Korea has pioneered, in which state-sponsored cyber actors generate illicit funds to support the regime’s malign activities, undoubtedly appeals to other rogue states and has the potential to undermine conventional sanctions. The United States, South Korea and like-minded states should develop plans for mitigating other countries’ likely embrace of state-directed cybercrime,” he said.
Noting that crypto-related crimes happen fast and traditional investigative response times are inadequate, Carlsen said, “Perhaps more important is the deepening cooperation between industry, and especially cryptocurrency exchanges, with law enforcement investigators.”
He added, “Exchanges are where the crypto rubber meets the real financial world’s roads ― exchanges are where crypto is exchanged for real-world currencies. Even though many exchanges are not required by law to help the governments investigating and trying to intercept the crypto stolen by North Korea, many are voluntarily cooperating proactively. This is wise. These exchanges are not only doing the right thing, they are also protecting themselves. They are all targets for the North Koreans too, after all.”
Seoul, Washington urged to cut North Korea’s purse strings through cryptocurrency regulations